On Thursday 15 February 2007 13:44, Goswin von Brederlow wrote: > > This includes my (partial) local mirror. Let's just say that this > > would seriously impact my work on D-I and the release. > > Slightly off the topic but does that (still) work fine for you? Yes, debmirror works fine here. Apparently they stopped using the old key in time. > I heard reports that D-I won't install from the netboot/busybox medium > if the signature can't be verified. > > It would be very bad if the key expirey breaks D-I in the future. This has been "solved" by changing from using yearly keys to using release keys. It is just that RC1 did not contain the release key yet. So this should not be an issue in the future as long as release keys don't get revoked (but then things _should_ break and new images with new keys made available anyway). I see the Etch key is valid only until 01 July 2009, so after that date this _will_ be a problem. By then Etch should hopefully be "oldstable", but having a working installer for oldstable is still a good thing... Cheers, FJP
Attachment:
pgpJB0W0Tka1S.pgp
Description: PGP signature